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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

' Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to comnnunication(s) filed on 14 January 2005 . 
2a)^ This action is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-10 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-10 is/are rejected. 

Claim(s) is/are objected to. 

6)\3 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9)0 The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 08 March 2001 is/are: a)^ accepted or b)\3 objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the confection is required if the drawing(s) is objected to. See 37 CFR 1.121 (d). 
1 1 )□ The oath or declaration is objected to by the Examiner, Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19{a)-{d) or (f). 
a)n All b)n Some * 0)0 None of: 

1 Certified copies of the priority documents have been received. 

2.n Certified copies of the priority documents have been received in Application No. . 



3.n Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Status of Claims 

1 . Applicant anriended claims 1 . 7 and 1 0 in the amendment filed 1 4 January 2005. Thus, claims 1-10 
remain pending and are presented for examination. 

Response to Arguments 

2. Applicant's arguments filed 14 January 2005 have been fully considered but they are not persuasive. 

3. Applicant argues that Epstein fails to disclose responding to a merchant request with a specific data 
string and a request for a digital signature to be appended to the data string. Examiner respectfully 
disagrees and submits that Epstein discloses transmitting a merchant request from a web browser to a 
merchant server. Epstein discloses that the user interaction means is a web browser used by a user in 
communicating with a server on a network and to communicate a request to access the document system 
of the merchant (Col. 4 line 57-Col. 5 line 3; Col. 6. lines 50-62). The merchant server responds by 
transmitting a blank document (data string) to be digitally signed by the user, thereby requesting a digital 
signature be appended to the data string (Figure 2 (46); Col. 5, lines 4-9; Col. 6, lines 60-63). The user 
device responds to this request by hashing the document and appending a digital signature by using the 
user's public key and forwarding the appended digital signature back to the server via the users PC 
(Figure 2 (64 and 76)), 

4. Applicant further argues that Epstein fails to disclose notifying the web browser of the request for the 
digital signature and notifying a web browser that a digital signature has been obtained. Examiner 
respectfully disagrees and again submits that Epstein discloses that the user interaction means is a web 
browser used by a user in communicating with a server on a network and to communicate a request to 
access the document system of the merchant (Col. 4 line 57-Col. 5 line 3; Col. 6, lines 50-62). The 
merchant server responds by transmitting a blank document (data string) to be digitally signed by the 
user, thereby requesting a digital signature and notifying the user interaction means of this request 
(browser) (Figure 2 (46); Col. 5. lines 4-9; Col. 6. lines 60-63). Examiner also submits that Epstein further 
discloses notifying the user interaction means (browser) that a digital signature has been obtained. 
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Epstein discloses that the user forms the digital signature and routes the digital signature to the server via 
the user device (Col. 6, lines 24-28; Col. 7, lines 45-50), which effectively notifies the user device such as 
the web browser. Furthermore, the user would be notified that the digital signature was obtained through 
the web browser interface simply by the fact that the transaction or access to the server was allowed to 
proceed. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections 

set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-2, 6 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Epstein, U.S. 
Patent No. 6,453,416 in view of Naccache, U.S. Patent No. 5,910,989. 

As per Claim 1 . Epstein discloses a method for obtaining a digital signature comprising the steps 

of: 

- transmitting a merchant request from a web browser to a merchant server (Col. 4 line 57-Col. 5 
line 3; Col. 6, lines 50-62); 

- responding to the merchant request with a specific data string and a request for a digital 
signature to be appended to the data string (Figure 2 (46); Col. 5, lines 4-9; Col. 6, lines 60-63); 

- receiving the request for the digital signature (Figure 2; Col. 5, lines 4-9; Col. 6, lines 60-63); 

- notifying the web browser of the request for the digital signature (Col. 4, lines 57-61 ; Col. 5, 
lines 4-9; Col. 6, lines 60-63); 

- obtaining the digital signature from the wireless device (Col. 2, lines 40-45; Col. 6. lines 5-1 1 ; 
Col. 7, lines 45-48); 



Application/Control Number: 09/803,005 Page 4 

Art Unit: 3621 

- appending the digital signature to the specific data string (Col. 2, lines 40-45; Col. 6, lines 5-1 1 
and 20-27; Col. 7, lines 45-48); 

- notifying the web browser the digital signature has been obtained (Col. 3. lines 15-21; Col. 6. 
lines 20-27; Col. 7, lines 47-51); and 

- transmitting the data with the appended digital signature to a requesting party (Col. 6. lines 20- 
27; Col. 7. lines 47-51). 

Epstein discloses that the device for generating the digital signature is a smart card in possession 
of the user and that this smart card is associated with a smart card reader. Thus, the smart card signing 
device of Epstein is not wireless. Although certain types of smart cards such as proximity cards or RF 
cards may be wireless devices, Epstein does not specifically disclose establishing a protected short range 
wireless line between a computer and the wireless device and transmitting the digital signature from the 
wireless device to the computer via the short range wireless link. Naccache discloses a process for 
generating digital signatures using smart cards wherein the smart card has a communication interface in 
order to communicate with a computer (Figures 1 and 2). Naccache further discloses generating a digital 
signature (Col. 2, lines 20-25; Col. 3, lines 28-35) and sending this to a verifier computer (Figure 2; Col. 2, 
lines 30-35 and 43-58; Col. 10, lines 16-29). Naccache further discloses that the communication interface 
between the wireless card and the terminal may be a radiofrequency interface or infrared transmission, 
both of which are short range wireless links (Col. 1 1 , lines 37-46). It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to modify the method of Epstein and 
generate the digital signature using a wireless device such as a smart card with a different type of 
communication interface as taught by Naccache and fonward the digital signature from the smart card to 
the computer via a short range wireless connection. Smart cards are known to have a plurality of 
different types of communication interfaces and it would have been obvious to use any of these 
communication interfaces as acknowledged by Naccache as a matter of design choice depending upon 
the particular application. 

Epstein further discloses notifying the user interaction means (browser) that a digital signature 
has been obtained, Epstein discloses that the user forms the digital signature and routes the digital 
signature to the server via the user device (Col. 6. lines 24-28; Col. 7, lines 45-50), which effectively 
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notifies the user device such as the web browser. Furthermore, it would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention that the user would be notified that the 
digital signature was obtained through the web browser interface simply by the fact that the transaction or 
access to the server was allowed to proceed. 

As per Claim 2 , Epstein further discloses forwarding the data to an application within the 
computer (Figure 2; Col. 6, lines 52-67). 

As per Claim 6 , the references fail to disclose periodically reloading a web page notifying the 
customer of the request for the digital signature. Examiner takes Official Notice that periodically reloading 
web pages to notify users of certain requests is well known in the art and it would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to periodically reload the web page to 
remind the user that data is still being requested. 

As per Claim 10 . Epstein discloses a mobile electronic transaction personal proxy device, 
comprising: 

- a first interface with a merchant computer (Figure 1 ); 

- a second interface with a web browser (Figure 1); 

- a third interface with a mobile electronic transaction device (Figure 1); 

- control logic (Figure 1) configured to: 

a. notifying the web browser of a request for a digital signature to be appended to a 
specific data string from the merchant computer (Figure 2 (46); Col. 4, lines 57-61 ; Col. 5. lines 4- 
9; Col. 6, lines 60-63); 

b. request the specific data string be digitally signed by the mobile electronic transaction 
device (Col. 2, lines 40-45; Col. 6. lines 5-11; Col. 7, lines 45-48); 

c. receive a digitally signed data string from the mobile electronic transaction device 
(Col. 2, lines 40-45; Col. 6. lines 5-11 and 20-27; Col. 7. lines 45-48); 
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d. notify the web browser of the digitally signed data string (Col. 3, lines 1 5-21 ; Col. 6, 
lines 20-27; Col. 7. lines 47-51); and 

e. forward the digitally signed data string from the mobile electronic transaction device 
(Col. 6, lines 20-27; Col. 7, lines 47-51). 

Epstein discloses that the device for generating the digital signature is a smart card in possession 
of the user and that this smart card is associated with a smart card reader. Thus, the smart card signing 
device of Epstein is not wireless. Although certain types of smart cards such as proximity cards or RF 
cards may be wireless devices, Epstein does not specifically disclose establishing a protected short range 
wireless line between a computer and the wireless device and transmitting the digital signature from the 
wireless device to the computer via the short range wireless link. Naccache discloses a process for 
generating digital signatures using smart cards wherein the smart card has a communication interface in 
order to communicate with a computer (Figures 1 and 2). Naccache further discloses generating a digital 
signature (Col. 2, lines 20-25; Col. 3, lines 28-35) and sending this to a verifier computer (Figure 2; Col. 2, 
lines 30-35 and 43-58; Col. 10, lines 16-29). Naccache further discloses that the communication interface 
between the wireless card and the terminal may be a radiofrequency interface or infrared transmission, 
both of which are short range wireless links (Col. 1 1 . lines 37-46). It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to modify the method of Epstein and 
generate the digital signature using a wireless device such as a smart card with a different type of 
communication interface as taught by Naccache and forward the digital signature from the smart card to 
the computer via a short range wireless connection. Smart cards are known to have a plurality of 
different types of communication interfaces and it would have been obvious to use any of these 
communication interfaces as acknowledged by Naccache as a matter of design choice depending upon 
the particular application. 

Epstein further discloses notifying the user interaction means (browser) that a digital signature 
has been obtained. Epstein discloses that the user forms the digital signature and routes the digital 
signature to the server via the user device (Col. 6, lines 24-28; Col. 7, lines 45-50), which effectively 
notifies the user device such as the web browser. Furthermore, it would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention that the user would be notified that the 
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digital signature was obtained through the web browser interface sinnply by the fact that the transaction or 
access to the server was allowed to proceed. 

7. Claims 3-5 and 7-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Epstein, U.S. 
Patent No. 6.453,416 and Naccache. U.S. Patent No. 5,910,989 as applied above, and further in view of 
Knauft et al, U.S. Patent No. 6,654,754 B1 and Franks et al, "HTTP Authentication: Basic and Digest 
Access Authentication, RFC-261 7, June 1 999. 

As per Claims 3-5 . Epstein and Naccache fail to specifically disclose the step of recognizing a 
command within the request for a digital signature. Knauft et al disclose a system of dynamically 
generating an electronic document and providing access to a resource by a user. Knauft et al further 
disclose that the user may be authenticated by issuing commands within an HTTP request for user 
authentication (Col. 14, lines 1-10). Franks et al further disclose the use of a WWW-Authenticate header 
containing a command requesting authentication from the user as well as data to be digitally signed and a 
URL for the response (see paragraphs 3.2.1-3.2.2.5 and 4.1). Thus, It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to modify the method of Epstein and 
Naccache and provide the ability to request user authentication using the teachings of Knauft et al and 
Franks et al in order to authenticate the user over a WWW interface using the well known and effective 
HTTP protocol. 

As per Claims 7-8 . Epstein discloses a method for obtaining a digital signature in a transaction 
between a computer of a customer and a merchant comprising the steps of: 

- receiving a request for a digital signature to be appended to a specific data string from the 
merchant during an electronic transaction (Figure 2 (46); Col. 5, lines 4-9; Col. 6, lines 60-63); 

- recognizing a data string to be digitally signed within the request (Col. 2, lines 40-45; Col. 5, 
lines 4-9; Col. 6, lines 60-63); 

- notifying a web browser of the request for the digital signature (Col. 4, lines 57-61 ; Col. 5, lines 
4-9; Col. 6, lines 60-63); 
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- forwarding the data string to an application within the computer (Col. 2, lines 40-45; Col. 5, lines 
4-9; Col. 6, lines 60-63); 

- obtaining the digital signature from the wireless device (Col. 2, lines 40-45; Col. 6, lines 5-11; 
Col. 7, lines 45-48); 

- appending the digital signature to the data string (Col. 2, lines 40-45; Col. 6. lines 5-1 1 and 20- 
27; Col. 7. lines 45-48); 

- notifying the web browser the digital signature has been obtained (Col. 3, lines 15-21; Col. 6. 
lines 20-27; Col. 7, lines 47-51); and 

- transmitting the data with the appended digital signature to a requesting party (Col. 6, lines 20- 
27;Col. 7, lines 47-51). 

Epstein discloses that the device for generating the digital signature is a smart card in possession 
of the user and that this smart card is associated with a smart card reader. Thus, the smart card signing 
device of Epstein is not wireless. Although certain types of smart cards such as proximity cards or RF 
cards may be wireless devices. Epstein does not specifically disclose establishing a protected short range 
wireless line between a computer and the wireless device and transmitting the digital signature from the 
wireless device to the computer via the short range wireless link. Naccache discloses a process for 
generating digital signatures using smart cards wherein the smart card has a communication interface in 
order to communicate with a computer (Figures 1 and 2). Naccache further discloses generating a digital 
signature (Col. 2. lines 20-25; Col. 3, lines 28-35) and sending this to a verifier computer (Figure 2; Col. 2, 
lines 30-35 and 43-58; Col. 10, lines 16-29). Naccache further discloses that the communication interface 
between the wireless card and the terminal may be a radiofrequency interface or infrared transmission, 
both of which are short range wireless links (Col. 1 1 , lines 37-46). It would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention to modify the method of Epstein and 
generate the digital signature using a wireless device such as a smart card with a different type of 
communication interface as taught by Naccache and forward the digital signature from the smart card to 
the computer via a short range wireless connection. Smart cards are known to have a plurality of 
different types of communication interfaces and it would have been obvious to use any of these 
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communication interfaces as acknowledged by Naccache as a matter of design choice depending upon 
the particular application. 

Epstein further discloses notifying the user interaction means (browser) that a digital signature 
has been obtained. Epstein discloses that the user forms the digital signature and routes the digital 
signature to the server via the user device (Col. 6, lines 24-28; Col. 7, lines 45-50). which effectively 
notifies the user device such as the web browser. Furthermore, it would have been obvious to one 
having ordinary skill in the art at the time of applicant's invention that the user would be notified that the 
digital signature was obtained through the web browser interface simply by the fact that the transaction or 
access to the server was allowed to proceed. 

Epstein and Naccache further fail to specifically disclose the step of recognizing a command 
within the request for a digital signature and forwarding the digital signature to a URL included in the 
request. Knauft et al disclose a system of dynamically generating an electronic document and providing 
access to a resource by a user. Knauft et al further disclose that the user may be authenticated by 
issuing commands within an HTTP request for user authentication (Col. 14, lines 1-10). Franks et al 
further disclose the use of a WWW-Authenticate header containing a command requesting authentication 
from the user as well as data to be digitally signed and a URL for the response (see paragraphs 3.2.1- 
3.2.2.5 and 4.1 ). Thus, It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to modify the method of Epstein and Naccache and provide the ability to request 
user authentication using the teachings of Knauft et al and Franks et al in order to authenticate the user 
over a WWW interface using the well known and effective HTTP protocol. 

As per Claim 9 . the references fail to disclose periodically reloading a web page notifying the 
customer of the request for the digital signature. Examiner takes Official Notice that periodically reloading 
web pages to notify users of certain requests is well known in the art and it would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to periodically reload the web page to 
remind the user that data is still being requested. 
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Conclusion 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the mailing date of this final action. 

9. Examiner's Note: Examiner has cited particular columns and line numbers in the references as 
applied to the claims below for the convenience of the applicant. Although the specified citations are 
representative of the teachings in the art and are applied to the specific limitations within the individual 
claim, other passages and figures may apply as well. It is respectfully requested from the applicant, in 
preparing the responses, to fully consider the references in entirety as potentially teaching all or part of 
the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the 
examiner. 

10. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

• Naim discloses a portable device using a smart card to receive and decrypt digital data and teach that 
the vendor may ask the device to provide a digital signature 

• Manchala et al disclose an electronic commerce system and teach wherein a vendor sends a purchase 
order to a network application and asks the application to perform a digital signature on it 



1 1 . The prior art previouslv made of record and not relied upon is considered pertinent to applicant's 
disclosure. 
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• Jobst et al disclose a system for data transfer verification and teach the generation of a digital signature 
in a wireless phone using a secret key 

• Geiger et al disclose a secure wireless electronic-commerce system with wireless network domain and 
teach the use of a client wireless device with a SIM that holds the subscriber identity and authentication 
information for use in generating digital signatures 

• Binding et al disclose a system for establishing security parameters that are used to exchange data on 
a secure connection and teach the use of a HTTP WWW-authenticate header as a means for a server to 
request additional information from the client for purposes of authentication before the server will 
complete the client's request for access 

• Honkanen et al [WO 98/28877] discloses a method for identification of a data transmission device such 
as a wireless terminal 

• Ketcham {WO 98/37661] disclose an apparatus for authentication and encryption of a remote terminal 
over a wireless link 

• Naccache discloses a method for the generation of electronic signatures in smart cards 

• Wheeler et al disclose a system for conducting transactions using digital signatures and teach 
validating a transaction by applying a hashing algorithm to an electronic message and comparing the 
results to the results of applying the public key to the digital signature received and wherein the digital 
signature is derived within a sender's smart card 



Application/Control Number: 09/803,005 



Page 12 



Art Unit: 3621 

12. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to John Hayes whose telephone number is (703)306-5447. The examiner can normally be 
reached Monday through Friday from 5:30 to 3:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jim 
Trammell, can be reached on (703) 305-9768. 

Any inquiry of a general nature or relating to the status of this application or proceeding should be 
directed to the receptionist whose telephone number is (703) 308-1 113. 

Any inquiry of a general nature or relating to the status of this application or proceeding should be 
directed to the Receptionist whose telephone number is (703) 305-3900. Information regarding the 
status of an application may be obtained from the Patent Application information Retrieval (PAIR) system. 
Status information for published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. For more 
information about the PAIR system, see http://portal.uspto.Qov/external/portal/pair . Should you have 
questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866- 
217-9197 (toll-free). 

Please address mail to be delivered by the United States Postal Service (USPS) as follows: 



Commissioner of Patents and Trademarks 



Washington, D.C. 20231 



or faxed to: 



(703) 872-9306 [Official communications; including 

After Final communications labeled 
"Box AF"] 



(703) 746-5531 [Informal/Draft communications, labeled 

"PROPOSED" or "DRAFT] 



Hand delivered responses should be brought to Crystal Park 5, 2451 Crystal Drive. Arlington. 



th floor receptionist. 




VA, 7' 



March 14. 2005 



